I'm trying to accomplish a key exchange between Node.js using the crypto module and a web client using the Web Cryptography API.
So far I managed to process the key exchange to the point where I derive the shared secret on the server and the client side. On the server side I used the 'secp521r1' curve and on the client side the equivalent curve with the name of 'P-521'.
On the client I receive a shared secret that is has a length of 32 bytes, which I assume is the correct length of an AES-GCM key with 256 bits. But on the server I receive a key with the length of 66 bytes. Below are two examples of generated keys, one encoded in base64 and one as byte array:
Base64 encoded:
Client AES-Key: AJQQpnOjNe2/QQz5T9NmSPFpFgUG/20739EhdjVt//I=
Server AES-Key: AJQQpnOjNe2/QQz5T9NmSPFpFgUG/20739EhdjVt//LYZ+XeuTgkwv7CJFQrqNWxnny8R+VP3nJuk1SUyDJsa7+f
Byte array:
Client AES-Key: 0,249,8,221,38,57,84,243,202,83,90,68,4,41,49,224,69,89,162,74,47,72,134,169,32,3,133,55,109,105,144,249
Server AES-Key: 0,249,8,221,38,57,84,243,202,83,90,68,4,41,49,224,69,89,162,74,47,72,134,169,32,3,133,55,109,105,144,249,66,66,131,19,81,11,27,161,132,7,244,2,191,221,162,169,247,108,128,229,211,217,109,78,5,71,232,252,243,36,214,42,199,175
I think I misconfigured something on Node.js, but i couldn't find any hints in the documentation on how to do it correctly.
This is what i do on Node.js to extract the key:
var ecdh = crypto.createECDH('secp521r1');
ecdh.generateKeys();
ecdh.getPublicKey('base64'); // passed this to the client
// After I receive the public key of the client
var shared = ecdh.computeSecret(clientPublicKey, 'base64');
My questions are:
- Is my assumption correct, that the key from Node.js is incorrect?
- What do I have to do to correctly extract an AES-GCM 256 bit key?
- What does the current output mean?
Any guidance is appreciated.